Netscreen-10 DMZ

Subject Author Date
Netscreen-10 DMZ Dave Sunter 03-31-2006
Posted by Dave Sunter on March 31, 2006, 4:32 am
Morning Guys & Girls

I hope someone can answer me a quick question.

I am wanting to use the DMZ to test a new 2mb internet connection in my
office. I can't use the trusted port as this is already being used to supply
the office with the current internet connection and mail.

I have configured the DMZ to the settings of the new router and set up a
profile for HTTP Access from my machine to the DMZ.

Problem is it doesn't seem to do anything.

Now maybe I've got the completely wrong end of the stick about the DMZ so
excuse me if I have, but I thought you could set it up as an additional access
to the Web / Mail server etc.

The only time I get an entry in the log is if I try to access the router's IP
address from Internet Explorer....any other traffic, i.e. HTTP, does not
register and it doesn't even look like it routes towards the DMZ.....no
orange data light on the DMZ on the Netscreen.

Could anybody please point me in the right direction (apart from the door,
lol) on how I can test this new connection with the Netscreen's DMZ.

Many thanks and sorry for the long-winded post.

Dave :)




Posted by Somebody. on March 31, 2006, 8:01 am

> Morning Guys & Girls
>
> I hope someone can answer me a quick question.
>
> I am wanting to use the DMZ to test a new 2mb internet connection in my
> office. I can't use the trusted port as this is already being used to
> supply the office with the current internet connection and mail.
>
> I have configured the DMZ to the settings of the new router and set up a
> profile for HTTP Access from my machine to the DMZ.
>
> Problem is it doesn't seem to do anything.
>
> Now maybe I've got the completely wrong end of the stick about the DMZ so
> excuse me if I have, but I thought you could set it up as an additional
> access to the Web / Mail server etc.
>
> The only time I get an entry in the log is if I try to access the router's
> IP address from Internet Explorer....any other traffic, i.e. HTTP, does not
> register and it doesn't even look like it routes towards the DMZ.....no
> orange data light on the DMZ on the Netscreen.
>
> Could anybody please point me in the right direction (apart from the door,
> lol) on how I can test this new connection with the Netscreen's DMZ.
>
> Many thanks and sorry for the long-winded post.
>
> Dave :)

Basically what you're trying to do is a policy route, in other words, to
send only http traffic out a different interface than it would normally
route out to. You can't do this with the version 3 firmware on your NS10.

All you can do is route out to specific IPs. So, if you know of a
particular destination server, you can add a static route for that IP to the
NS10's routing table and have it exit out the DMZ interface. Then, traffic
destined for that IP will be routed to that interface. Then, you need a
policy from trust -->DMZ source <inside LAN> dest <the destination IP>
service HTTP to permit the traffic.

As it is, you didn't mention a route, but it looks like you're not routing
anything to that interface. The traffic bound for the other router's IP
works because that IP is in the subnet of the IP of the DMZ interface, which
is a connected route automatically placed in the routing table.

-Russ.
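
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified model of destination-based route lookup followed by a zone policy check, showing why the HTTP policy alone never moves traffic to the DMZ and what the host route changes. All addresses and names are constructed, and this is an illustration, not ScreenOS code or syntax.

```python
import ipaddress

LAN, PC = "192.168.1.0/24", "192.168.1.10"        # trust side (constructed)
NEW_ROUTER = "198.51.100.1"                        # new router on the DMZ subnet
TEST_SERVER = "203.0.113.80"                       # hypothetical test destination

BEFORE_ROUTES = [("0.0.0.0/0", "untrust"),         # default route: existing connection
                 (LAN, "trust"),                   # connected
                 ("198.51.100.0/24", "dmz")]       # connected, added automatically
# (from zone, to zone, source, destination, service)
BEFORE_POLICIES = [("trust", "untrust", LAN, "0.0.0.0/0", "ANY"),
                   ("trust", "dmz", LAN, "0.0.0.0/0", "HTTP")]

# The reply's fix: a host route out the DMZ plus a matching trust -> DMZ policy.
AFTER_ROUTES = BEFORE_ROUTES + [(TEST_SERVER + "/32", "dmz")]
AFTER_POLICIES = [BEFORE_POLICIES[0],
                  ("trust", "dmz", LAN, TEST_SERVER + "/32", "HTTP")]

def within(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def egress(routes, dst):
    """Longest-prefix match on destination only; the service plays no part."""
    hits = [(ipaddress.ip_network(p).prefixlen, ifc) for p, ifc in routes if within(dst, p)]
    return max(hits)[1] if hits else None

def forward(routes, policies, src, dst, service):
    """Return (egress interface, verdict) for a packet arriving on trust."""
    out = egress(routes, dst)
    if out is None:
        return None, "no route"
    for p_from, p_to, p_src, p_dst, p_svc in policies:
        if ((p_from, p_to) == ("trust", out) and within(src, p_src)
                and within(dst, p_dst) and p_svc in ("ANY", service)):
            return out, "permit"
    return out, "deny"

if __name__ == "__main__":
    for label, r, p in (("before", BEFORE_ROUTES, BEFORE_POLICIES),
                        ("after", AFTER_ROUTES, AFTER_POLICIES)):
        for dst in (NEW_ROUTER, TEST_SERVER):
            print(label, dst, forward(r, p, PC, dst, "HTTP"))
```

Narrowing the trust-to-DMZ policy to the single destination and service keeps the test link from becoming a second, unfiltered path out of the LAN.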



